A criminal contacts you over email or snail mail and insists they have a webcam video of you watching “unsavory” videos or evidence you cheated on your wife.
To stop the release of this compromising information and to make the problem go away, the criminal asks for digital payment in Bitcoin or another form of cryptocurrency.
You should never respond or pay. All the criminals have are empty threats and they’re just trying to trick you.
What is CryptoBlack Mail?
CryptoBlackmail is any sort of threat accompanied by a demand that you pay money to a cryptocurrency address.
Just like traditional blackmail, it’s a “pay up or we’ll do something bad to you” threat. The difference is the demand for payment in online currency rather than traditional hard (and traceable) cash.
Why cryptocurrency? It’s not possible to “undo” a transaction and it’s hard for the authorities to track down the owner of a Bitcoin address.
With cryptocurrency, the money is gone as soon as you send it.
Some examples of CryptoBlackmail:
– Physical mail saying “I know you cheated on your spouse,” and demanding payment in the form of Bitcoin to a specified Bitcoin wallet.
– Emails claiming an attacker has placed malware on your computer and recorded you in a uncompromising position, along with a video feed from your webcam. The attacker also claims to have copied your contacts and threatens to send the video to them unless you pay.
– Emails including a password to one of your online accounts along with a threat and demand for payment to make the problem go away.
The attacker just found your password in one of the many leaked password databases and hasn’t compromised your computer. Keep in mind that the criminals almost certainly cannot follow through on their threat and they probably do not have the information they claim to have. It is simply a numbers game.
For example, someone may just send emails saying “I know you cheated on your spouse” to a large number of people knowing that, statistically, some of them will be tempted to act.
The important thing to note is that this not a personally targeted attack. Unfortunately, the scammers do trick some people, which then perpetuates this ongoing CryptoBlackMail scam as an easy payday for criminals with little to no work involved.
How to Protect Yourself
Ignore the scammers. Delete and forget the scam. Don’t try to negotiate or even respond with the scammer. Don’t pay a single cent.
Don’t re-use passwords. If a criminal sent you one of your passwords, it’s likely that password was from one of many leaked password databases available online.
Change your passwords. If you’re concerned a criminal might have your passwords, you should change them immediately.
Get a password manager. They can help keep track of those unique passwords. They remember passwords for you, letting you use strong, unique passwords everywhere without having to remember them all.
Disable your webcam. If you’re really worried about someone spying on you with malware on your computer, you can just disable your webcam when you aren’t using it.
The most important thing to do — aside from never paying the scammers — is to ensure you aren’t re-using passwords, especially if they’ve already been leaked. Use strong, unique passwords and you won’t have to worry about password leaks. Just change a single password whenever there’s a leak and you are done.